Protecting Network Quality of Service against Denial of Service Attacks
Transcript of Protecting Network Quality of Service against Denial of Service Attacks
![Page 1: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/1.jpg)
1
Protecting Network Quality of Service against Denial of Service Attacks
Douglas S. Reeves, S. Felix Wu, Chandru Sargor
N. C. State University / MCNC
October 6, 1999
Tolerant Networks Program
BAA99-10 Kickoff Meeting
![Page 2: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/2.jpg)
2
Quality of Service - a New Capability for Packet-Switching
New services
– Guaranteed minimum bandwidth
– Guaranteed maximum delay
– Guaranteed maximum loss rate
Guaranteeing QoS for a “flow” requires providing adequate resources
![Page 3: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/3.jpg)
3
IntServ / RSVP Operation
Diagram: SRC sends PATH messages toward DST with Tspec = 5M. Each router along the path lowers the ADspec carried by the PATH message to what it can offer (ADspec = 5M, then 4M, then 3M). DST returns RESV messages reserving 3M, and a router on the path accepts them (“That looks fine to me.....”).
![Page 4: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/4.jpg)
4
DiffServ
Diagram: two DATA flows, SRC1 to DST1 and SRC2 to DST2, enter the network at the edge under a Service Agreement and Traffic Agreement.
![Page 5: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/5.jpg)
5
Quality of Service - A New Vulnerability
Normal users will try to get maximum QoS without regard to others
Malicious users will try to deny quality of service for others
![Page 6: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/6.jpg)
6
The ARQOS Project
Selective verification of reservation signaling (SVR)
Congestion pricing of scarce resources ($$$)
Monitoring of data flows, and integration with intrusion detection (IDS)
![Page 7: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/7.jpg)
7
SVR: Attacking ADSpec
Diagram: SRC’s PATH message leaves with ADSpec = 5M; after a compromised router it arrives at DST with ADSpec = 200M. DST sees nothing wrong (“That looks fine to me.....”) and reserves 200M where the honest value was 5M.
![Page 8: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/8.jpg)
8
SVR: IETF RSVP Security
Current solution proposed by Fred Baker
All routers, even including those not on the path, share the same “key table”
Hop-by-hop authentication of messages
– outsiders tampering with packets will be detected, but corrupted insiders will not be detected
![Page 9: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/9.jpg)
9
SVR: IETF RSVP Security (cont.)
Sharing a secret key
Diagram: router A forwards an ADSpec to router B; the two share a secret key.
A &amp; B trust each other; if A is compromised and sends a faulty ADSpec, there is no way for B to know about it
![Page 10: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/10.jpg)
10
SVR: Our Approach
SRC DST
ADSpec = 5M ADSpec = 200M
Correlation and Verification of the Correctness Properties
![Page 11: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/11.jpg)
12
SVR: Verification of Reservations
No need to introduce new features to RSVP or other existing protocols
Do not need to install verification agents in every router
Capable of detecting insider attacks
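The RSVP exchange on the earlier slides (Tspec = 5M, ADspec shrinking 5M to 4M to 3M, DST reserving what it is told) and the ADSpec attack (a compromised router advertising 200M) can be replayed in a few lines, together with the kind of correctness check the selective-verification approach relies on. This is an added example, not the ARQOS project’s code: the router names, link capacities and observation points are assumptions, and the property being checked is simply that ADspec can never increase from one hop to the next, which a verifier can test from readings at a few points without an agent in every router.

```python
"""RSVP PATH/RESV walk-through with selective verification of ADspec.

Constructed example; not the ARQOS project's code. Router names, link
capacities and observation points are assumptions chosen to replay the
slides' scenario: SRC's Tspec is 5M, each honest router lowers the ADspec
carried by the PATH message to what it can offer, DST reserves whatever
ADspec it is told, and a compromised router inflates ADspec to 200M.
"""
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

M = 1_000_000  # "5M" on the slides is 5 Mbit/s


@dataclass
class Router:
    name: str
    available_bw: int          # bandwidth this router can actually offer
    compromised: bool = False  # a compromised router advertises a bogus ADspec

    def forward_path(self, adspec: int) -> int:
        """Return the ADspec this router writes into the outgoing PATH message."""
        if self.compromised:
            return 200 * M                      # lie, regardless of capacity
        return min(adspec, self.available_bw)   # honest: never promise more


@dataclass
class PathTrace:
    tspec: int
    # (hop name, ADspec as it leaves that hop); the last entry is what DST sees
    adspec_by_hop: List[Tuple[str, int]]


def send_path(tspec: int, routers: List[Router]) -> PathTrace:
    """Propagate a PATH message from SRC through the routers to DST."""
    adspec = tspec                   # SRC seeds ADspec with its own Tspec
    hops = [("SRC", adspec)]
    for router in routers:
        adspec = router.forward_path(adspec)
        hops.append((router.name, adspec))
    hops.append(("DST", adspec))     # DST receives the final ADspec unchanged
    return PathTrace(tspec, hops)


def receiver_resv(trace: PathTrace) -> int:
    """DST takes the advertised ADspec at face value ("looks fine to me")."""
    return trace.adspec_by_hop[-1][1]


def verify_adspec(trace: PathTrace, observation_points: Set[str]
                  ) -> Tuple[bool, Optional[Tuple[str, str]]]:
    """Selective verification: read ADspec only at the chosen points and
    check it never increases between consecutive readings.

    Returns (True, None) when the property holds, otherwise
    (False, (last_good_point, first_bad_point)), the segment that must
    contain the router which inflated ADspec.
    """
    readings = [(hop, v) for hop, v in trace.adspec_by_hop
                if hop in observation_points]
    for (prev_hop, prev_v), (hop, v) in zip(readings, readings[1:]):
        if v > prev_v:
            return False, (prev_hop, hop)
    return True, None


# Constructed topology matching the slides: two routers between SRC and DST.
HONEST_PATH = [Router("R1", 4 * M), Router("R2", 3 * M)]
ATTACK_PATH = [Router("R1", 4 * M), Router("R2", 3 * M, compromised=True)]


def demo() -> dict:
    """Run both scenarios; returns the reservation sizes and verdicts."""
    honest = send_path(5 * M, HONEST_PATH)
    attack = send_path(5 * M, ATTACK_PATH)
    points = {"SRC", "R1", "DST"}   # verifier sees only these hops
    return {
        "honest_resv": receiver_resv(honest),
        "honest_verdict": verify_adspec(honest, points),
        "attack_resv": receiver_resv(attack),
        "attack_verdict": verify_adspec(attack, points),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With only SRC, R1 and DST instrumented the verifier still flags the attack and narrows it to the R1 to DST segment; adding R2 as an observation point narrows it to R1 to R2. The insider case the shared-key scheme cannot catch (a trusted router emitting a faulty ADSpec) is exactly what the monotonicity check exposes.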
![Page 12: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/12.jpg)
14
SVR: Status
Identified types of possible attacks on RSVP signals
Solutions for detecting the most important types of attacks
Now implementing attacks and solutions
![Page 13: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/13.jpg)
15
$$$: Competing for Services
Service Provider: “You can have 5M, 2M, or 1M, at no cost; what do you want, and for how long?”
Users: “We all want 5M, from now on!”
Diagram: six users each requesting 5M from the shared Network Resources.
![Page 14: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/14.jpg)
17
$$$: Influencing Behavior
Disincentives for bad behavior -- users incur costs for resource usage
Incentives for good behavior -- profits for service providers
![Page 15: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/15.jpg)
18
$$$: Competition (cont.)
Service Provider: “5M costs $3/min, 2M costs $2/min, 1M costs $1/min.”
Users (what each now requests from the Network Resources): 5M@$3, 2M@$2, 5M@$3, 1M@$1, 5M@$3, 1M@$1
![Page 16: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/16.jpg)
19
$$$: Pricing of Resources
Price is right when demand = supply
Flexibility
– combinations of resources and services
– User endowments for non-monetary goals
How are prices set, by whom, and how are they distributed?
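The three pricing slides describe one mechanism: with everything free every user asks for 5M, and once tiers carry prices each user trades bandwidth against cost until aggregate demand fits the supply. The example below is added here and is not the ARQOS pricing method; the tier prices ($3/min, $2/min, $1/min) are the slides’ numbers, while the six users, their valuations and budgets, the 10 Mbit/s supply and the linear utility model are assumptions. The provider scales the price list by a multiplier until demand no longer exceeds supply.

```python
"""Congestion pricing: move the price until demand = supply.

Constructed example; not the ARQOS project's pricing method. The tier base
prices are the slides' numbers; users, budgets, the supply of 10 Mbit/s and
the utility model are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, List

# Tier (Mbit/s) -> base price in $/min, from the slides
TIERS: Dict[int, float] = {5: 3.0, 2: 2.0, 1: 1.0}
SUPPLY_MBPS = 10  # assumed capacity to be shared by all users


@dataclass(frozen=True)
class User:
    name: str
    value_per_m: float  # $/min of benefit the user gets per Mbit/s served
    budget: float       # most the user is willing to pay per minute


# Constructed users; six, like the six "5M" requests on the slide
USERS: List[User] = [
    User("u1", value_per_m=1.05, budget=10.0),
    User("u2", value_per_m=0.55, budget=10.0),
    User("u3", value_per_m=2.00, budget=4.0),
    User("u4", value_per_m=0.35, budget=10.0),
    User("u5", value_per_m=1.50, budget=10.0),
    User("u6", value_per_m=0.85, budget=2.0),
]


def quote(multiplier: float) -> Dict[int, float]:
    """Price list the provider publishes for a given multiplier."""
    return {tier: round(base * multiplier, 2) for tier, base in TIERS.items()}


def choose_tier(user: User, multiplier: float) -> int:
    """Tier (Mbit/s) a self-interested user picks, or 0 for nothing.

    The user maximises surplus = value - price over the tiers it can afford
    and only buys when the surplus is positive; ties go to the smaller tier.
    """
    best_tier, best_surplus = 0, 0.0
    for tier, base in sorted(TIERS.items()):
        price = base * multiplier
        if price > user.budget:
            continue
        surplus = user.value_per_m * tier - price
        if surplus > best_surplus:
            best_tier, best_surplus = tier, surplus
    return best_tier


def total_demand(users: List[User], multiplier: float) -> int:
    """Aggregate bandwidth (Mbit/s) requested at this price level."""
    return sum(choose_tier(u, multiplier) for u in users)


def clearing_multiplier(users: List[User], supply: int,
                        step: float = 0.1, limit: float = 50.0) -> float:
    """Raise the multiplier from 0 until demand no longer exceeds supply.

    A plain tatonnement search: it stops at the first price level at which
    the provider can honour every request it accepts.
    """
    multiplier = 0.0
    while total_demand(users, multiplier) > supply:
        multiplier = round(multiplier + step, 2)
        if multiplier > limit:
            raise RuntimeError("no clearing price below the search limit")
    return multiplier


if __name__ == "__main__":
    print("demand at no cost:", total_demand(USERS, 0.0), "Mbit/s")
    m = clearing_multiplier(USERS, SUPPLY_MBPS)
    print("clearing price list:", quote(m))
    for u in USERS:
        print(f"  {u.name} takes {choose_tier(u, m)}M")
    print("demand at clearing price:", total_demand(USERS, m), "Mbit/s")
```

At no cost the six users ask for 30 Mbit/s against a supply of 10; the search settles at a multiplier of 1.8, where only two users still buy (one at 5M, one at 2M). That the clearing price leaves capacity idle is the cost of a coarse tier list, and is one of the open questions the slide raises about how prices should be set and distributed.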
![Page 17: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/17.jpg)
21
$$$: Goals and Assumptions
Fairness vs. “maximum aggregate utility”
The time and data scales for which this is useful
Real money, or play money?
Charging senders, or receivers
The overhead of billing and accounting
![Page 18: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/18.jpg)
22
$$$: Status
Pricing method
Integration with RSVP
Integration with DiffServ
Infrastructure
![Page 19: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/19.jpg)
23
IDS: Attacks on the Data Flow
From a malicious host (external to network)
– spoof high priority data flow packets
– send large amounts of data to ingress router to overload it
From a compromised ingress router
– admit/discard traffic in violation of service agreement
– inappropriate marking of admitted traffic
![Page 20: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/20.jpg)
24
IDS: Possible Attacks (cont.)
– delay/drop packets from selected flows
– generate additional traffic to degrade overall network QoS
From a compromised core router
– randomly re-mark flows
– delay/drop packets from selected flows
– generate additional traffic to degrade overall network QoS
![Page 21: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/21.jpg)
25
IDS: Intrusion Detection System
Diagram components: Filtering Engine, Profile-Based Analyzer, Rule-Based Analyzer, Decision Module, IDS MIB, SNMPv3, Network, Security Management Entity.
![Page 22: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/22.jpg)
26
IDS: Detecting Re-marked Packets
Downstream IDS will detect anomalous change in IP header – raise alarm via SNMP
Security management entity will receive alarms from IDS entities and correlate them
Security management entity will query other routers on the path to isolate compromised router
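The three-step procedure on this slide (a downstream IDS notices the DSCP changed, the management entity correlates the alarms, then queries routers on the path to isolate the offender) is shown end to end below. This is an added example, not the ARQOS or JiNao code: the path, the flow, the service agreement, the observation lines and the query answers are all constructed, and the query is modelled as a plain callback in place of SNMPv3.

```python
"""Detecting re-marked packets and isolating the router that did it.

Constructed example; not the ARQOS/JiNao code. The path, flow, agreement,
observation lines and query answers are made up to replay the slide's
procedure.
"""
from typing import Callable, Dict, List, Optional, Tuple

EF = 46  # DSCP codepoint for Expedited Forwarding (RFC 3246)
BE = 0   # DSCP codepoint for best-effort traffic

# Assumed hop order of the path, known to the security management entity
PATH = ["ingress", "core1", "core2", "core3", "egress"]
# Assumed service agreement: this flow is to be carried as EF end to end
AGREEMENT: Dict[str, int] = {"10.1.1.10->10.2.2.20": EF}

# Constructed observations reported by the IDS entity at each router: the
# DSCP a sampled packet of the flow carried when it arrived there. core2's
# IDS entity reported nothing (assume core2 is the compromised router).
OBSERVATIONS = """\
router=ingress flow=10.1.1.10->10.2.2.20 dscp=46
router=core1 flow=10.1.1.10->10.2.2.20 dscp=46
router=core3 flow=10.1.1.10->10.2.2.20 dscp=0
router=egress flow=10.1.1.10->10.2.2.20 dscp=0
"""


def parse_observation(line: str) -> Tuple[str, str, int]:
    """Split 'router=... flow=... dscp=...' into (router, flow, dscp)."""
    fields = dict(part.split("=", 1) for part in line.split())
    return fields["router"], fields["flow"], int(fields["dscp"])


def local_alarms(text: str, agreement: Dict[str, int]) -> List[Tuple[str, str, int]]:
    """Step 1, at each IDS entity: (router, flow, dscp seen) for every
    observation whose DSCP differs from the agreed marking."""
    alarms = []
    for line in text.splitlines():
        if not line.strip():
            continue
        router, flow, dscp = parse_observation(line)
        if flow in agreement and dscp != agreement[flow]:
            alarms.append((router, flow, dscp))
    return alarms


def suspect_segment(text: str, path: List[str],
                    agreement: Dict[str, int]) -> Dict[str, List[str]]:
    """Step 2, correlation at the management entity: for each flow, the
    hops after the last one that still saw the agreed marking, up to and
    including the first that saw a wrong one, are the only candidates."""
    seen: Dict[str, Dict[str, int]] = {}
    for line in text.splitlines():
        if line.strip():
            router, flow, dscp = parse_observation(line)
            seen.setdefault(flow, {})[router] = dscp
    suspects: Dict[str, List[str]] = {}
    for flow, expected in agreement.items():
        last_good, first_bad = -1, None
        for idx, hop in enumerate(path):
            if hop not in seen.get(flow, {}):
                continue                      # no report from this hop
            if seen[flow][hop] == expected:
                if first_bad is None:
                    last_good = idx
            elif first_bad is None:
                first_bad = idx
        if first_bad is not None:
            suspects[flow] = path[last_good + 1:first_bad + 1]
    return suspects


def isolate(suspects: List[str], expected: int,
            query: Callable[[str], int]) -> Optional[str]:
    """Step 3: ask each suspect what DSCP it received. The last suspect that
    still received the agreed marking is where the re-marking happened."""
    culprit = None
    for hop in suspects:
        if query(hop) == expected:
            culprit = hop
    return culprit


# Constructed answers to the management entity's queries
QUERY_ANSWERS = {"core2": EF, "core3": BE}


def demo() -> Optional[str]:
    flow = "10.1.1.10->10.2.2.20"
    segment = suspect_segment(OBSERVATIONS, PATH, AGREEMENT)[flow]
    return isolate(segment, AGREEMENT[flow], QUERY_ANSWERS.__getitem__)


if __name__ == "__main__":
    print("alarms:", local_alarms(OBSERVATIONS, AGREEMENT))
    print("suspects:", suspect_segment(OBSERVATIONS, PATH, AGREEMENT))
    print("isolated:", demo())
```

The correlation step matters because the alarms alone come from core3 and egress, neither of which did anything wrong; only the path order narrows the search to core2 and core3, and only the follow-up query separates the two. A compromised router can of course misreport what it received, which is why the management entity keeps the independent observations from its neighbours rather than trusting the query answer on its own.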
![Page 23: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/23.jpg)
27
IDS: Status
Enhance JiNao implementation to make it protocol independent
– originally targeted for OSPF attack detection
– now can be used to detect attacks against any protocol
Identification of data flow attacks
Preliminary design of IDS system
![Page 24: Protecting Network Quality of Service against Denial of Service Attacks](https://reader036.fdocuments.net/reader036/viewer/2022062517/56813dc0550346895da78a38/html5/thumbnails/24.jpg)
28
Conclusions
Started August ‘99
Implementing RSVP / DiffServ testbed
Exploring collaborations with vendors